Information Security Policy
Purpose: To protect the confidentiality, integrity, and availability of data through managing risks related to information security.
Scope: Applies to all employees, contractors, and third-party service providers with access to our information systems and data.
Responsibilities:
Employees are required to adhere to this policy and related procedures.
Security Team oversees the implementation of security measures and compliance.
Data Protection Officer (DPO) ensures adherence to data protection laws.
Data Protection:
Personal data processing in alignment with GDPR.
Regular training on data protection legislation for staff.
Incident Management:
Established process for managing and reporting security incidents.
Regular updates and training on incident response protocols.
Data Retention and Destruction:
Defined schedules for retention and secure destruction of data.
Access Control:
Use of multi-factor authentication.
Comprehensive password policy.
Risk Management:
Continuous assessment and mitigation of security risks.
Compliance:
Regular review by third parties to ensure compliance with security policies.
Subject Access Request procedure in place for data access and management.
Review and Update:
Periodic review and update of the security policy to reflect changes in technology, threats, and legal requirements.
This policy is a living document and will be reviewed regularly to ensure ongoing compliance and security of data assets.